Table of contents

JHipster CI/CD page

https://www.jhipster.tech/setting-up-ci/

GitLab CI/CD page

How to run it with Docker: https://docs.gitlab.com/runner/install/docker.html

https://about.gitlab.com/features/continuous-integration/

What the .gitlab-ci.yml file is

The .gitlab-ci.yml file defines the structure and order of the pipeline and determines the following.

.gitlab-ci.yml reference

https://gitlab-docs.creationline.com/ee/ci/yaml/

GitLab quick start

https://gitlab-docs.creationline.com/ee/ci/quick_start/README.html

GitLab configuration samples

https://gitlab-docs.creationline.com/ee/ci/examples/README.html

Example using Maven

https://gitlab-docs.creationline.com/ee/ci/examples/artifactory_and_gitlab/index.html

Example using Spring Boot

https://gitlab-docs.creationline.com/ee/ci/examples/deploy_spring_boot_to_cloud_foundry/index.html

Trying out jhipster ci-cd

Try running

jhipster ci-cd

When you choose GitLab from the choices, the prompt

In GitLab CI, perform the build in a docker container

appears. Answer

y

and .gitlab-ci.yml is modified.

Code added to .gitlab-ci.yml

Proceeding without selecting any additional tasks, the following code was added.

image: jhipster/jhipster:v7.9.3

cache:
  key: '$CI_COMMIT_REF_NAME'
  paths:
    - .maven/
stages:
  - check
  - build
  - test
  - analyze
  - package
  - release
  - deploy
before_script:
  - export MAVEN_USER_HOME=`pwd`/.maven

nohttp:
  stage: check
  script:
    - ./mvnw -ntp checkstyle:check -Dmaven.repo.local=$MAVEN_USER_HOME

maven-compile:
  stage: build
  script:
    - ./mvnw -ntp compile -P-webapp -Dmaven.repo.local=$MAVEN_USER_HOME
  artifacts:
    paths:
      - target/classes/
      - target/generated-sources/
    expire_in: 1 day

maven-test:
  services:
    - docker:dind

  variables:
    # Instruct Testcontainers to use the daemon of DinD.
    DOCKER_HOST: 'tcp://docker:2375'
    # Improve performance with overlayfs.
    DOCKER_DRIVER: overlay2

  stage: test
  script:
    - ./mvnw -ntp verify -P-webapp -Dmaven.repo.local=$MAVEN_USER_HOME
  artifacts:
    reports:
      junit:
        - target/surefire-reports/TEST-*.xml
        - target/failsafe-reports/TEST-*.xml
    paths:
      - target/surefire-reports
      - target/failsafe-reports
      - target/site
    expire_in: 1 day

frontend-test:
  stage: test
  script:
    - npm install
    - npm test
  artifacts:
    reports:
      junit: target/test-results/TESTS-results-jest.xml
    paths:
      - target/test-results
      - target/jacoco
    expire_in: 1 day

maven-package:
  stage: package
  script:
    - ./mvnw -ntp verify -Pprod -DskipTests -Dmaven.repo.local=$MAVEN_USER_HOME
  artifacts:
    paths:
      - target/*.jar
      - target/classes
    expire_in: 1 day
# Uncomment the following line to use gitlabs container registry. You need to adapt the REGISTRY_URL in case you are not using gitlab.com
#docker-push:
#    stage: release
#    variables:
#        REGISTRY_URL: registry.gitlab.com
#        IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHA
#    dependencies:
#        - maven-package
#    script:
#        - ./mvnw -ntp jib:build -Pprod -Djib.to.image=$IMAGE_TAG -Djib.to.auth.username=gitlab-ci-token  -Djib.to.auth.password=$CI_BUILD_TOKEN -Dmaven.repo.local=$MAVEN_USER_HOME

Is GitLab Runner a separate server?

Does GitLab Runner perhaps need to be set up on a separate server?

The following site explains how to set it up.

https://www.alpha.co.jp/blog/202208_01#%E3%82%AD%E3%83%A3%E3%83%83%E3%82%B7%E3%83%A5%E3%82%A2%E3%83%BC%E3%83%86%E3%82%A3%E3%83%95%E3%82%A1%E3%82%AF%E3%83%88%E3%83%AC%E3%82%B8%E3%82%B9%E3%83%88%E3%83%AA%E3%81%AE%E6%A0%BC%E7%B4%8D%E5%A0%B4%E6%89%80

Building GitLab and gitlab-runner in Docker containers for CI/CD

https://syachiku.net/docker-gitlab-gitlab-runner/

Code to add to docker-compose

  gitlab-runner:
    image: gitlab/gitlab-runner:latest
    container_name: gitlab-runner
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/gitlab/gitlab-runner-config:/etc/gitlab-runner
    ports:
      - "8093:8093"

Create the required directories and files

mkdir -p /root/gitlab/gitlab-runner-config

Before you can use GitLab Runner, you need to register it using a GitLab administrator account.

GitLab official documentation

https://docs.gitlab.com/runner/

Honestly, it does not clearly explain what to do for an on-premises setup.

Japanese-language explanation site

Recommendations for building a GitLab Runner (GitLab Runner構築のススメ)

https://www.gitlab.jp/blog/2022/09/26/runner-summary/

It has screen captures and may be easier to understand than the official documentation. I used docker-compose for the installation part, so I did not refer to that, but since the official explanation of how to register the GitLab Runner was hard to follow, I used this site as a reference for that.

Procedure

Specific items worth noting:

Find the name of the gitlab-runner container

docker-compose ps

This assumes the containers are already running; the command above shows the container name of the running gitlab-runner.

Open a shell inside the gitlab-runner container

docker exec -it <container name found in the step above> bash

Run the registration command

Before running the command, check which commands are available.

gitlab-runner --help

Example of running the help option against a container named gitlab-runner-2

# docker exec -it gitlab-runner-2 gitlab-runner --help
NAME:
   gitlab-runner - a GitLab Runner

USAGE:
   gitlab-runner [global options] command [command options] [arguments...]

VERSION:
   15.10.1 (dcfb4b66)

AUTHOR:
   GitLab Inc. <support@gitlab.com>

COMMANDS:
   exec                  execute a build locally
   list                  List all configured runners
   run                   run multi runner service
   register              register a new runner
   reset-token           reset a runner's token
   install               install service
   uninstall             uninstall service
   start                 start service
   stop                  stop service
   restart               restart service
   status                get status of a service
   run-single            start single runner
   unregister            unregister specific runner
   verify                verify all registered runners
   artifacts-downloader  download and extract build artifacts (internal)
   artifacts-uploader    create and upload build artifacts (internal)
   cache-archiver        create and upload cache artifacts (internal)
   cache-extractor       download and extract cache artifacts (internal)
   cache-init            changed permissions for cache paths (internal)
   health-check          check health for a specific address
   read-logs             reads job logs from a file, used by kubernetes executor (internal)
   help, h               Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --cpuprofile value           write cpu profile to file [$CPU_PROFILE]
   --debug                      debug mode [$RUNNER_DEBUG]
   --log-format value           Choose log format (options: runner, text, json) [$LOG_FORMAT]
   --log-level value, -l value  Log level (options: debug, info, warn, error, fatal, panic) [$LOG_LEVEL]
   --help, -h                   show help
   --version, -v                print the version

The command to run for registration is the following, but...

gitlab-runner register
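The procedure above (find the container with docker-compose ps, exec into it, run gitlab-runner register) can be collapsed into a single non-interactive call so that the options chosen are explicit and reviewable instead of being answered at prompts. The script below is an added example for these notes; it is not code from the page, from JHipster or from GitLab. The environment variable names (GITLAB_URL, REGISTRATION_TOKEN, RUNNER_CONTAINER, RUNNER_DEFAULT_IMAGE, GITLAB_CA_FILE), the placeholder URL and token, the default container name and the CA path are assumptions. Every gitlab-runner flag used appears in the help output of the 15.10.1 runner on this page. Two points worth noticing: the docker.sock bind mount in the docker-compose fragment is for the runner process itself and is deliberately not repeated in --docker-volumes, so job containers do not get the host's Docker daemon; and --docker-privileged is only added in the dind mode, because the maven-test job's docker:dind service needs a privileged executor, which in turn gives that job root-equivalent access to the host. For an on-premises GitLab with a private CA, --tls-ca-file points the runner at the CA bundle instead of disabling certificate verification.

```shell
#!/bin/sh
# Added example: non-interactive registration of the gitlab-runner container
# (docker executor). Not part of the original notes, JHipster or GitLab.
#
# Assumed environment (all placeholders, none of these values come from the page):
#   GITLAB_URL           on-prem GitLab URL, e.g. https://gitlab.example.com/
#   REGISTRATION_TOKEN   registration token from the project's runner settings
#   RUNNER_CONTAINER     container name found with `docker-compose ps`
#   RUNNER_DEFAULT_IMAGE image used when a job sets none (JHipster image by default)
#   GITLAB_CA_FILE       optional CA bundle path *inside* the runner container
#   DRY_RUN=1            print the register arguments instead of running docker exec

register_runner() {
  mode="${1:-plain}"   # "plain": ordinary jobs; "dind": jobs that use docker:dind

  # Base flags shared by both modes. --locked keeps the runner bound to the
  # project that registered it; /cache is the only volume handed to jobs.
  set -- --non-interactive \
    --url "${GITLAB_URL:-https://gitlab.example.com/}" \
    --registration-token "${REGISTRATION_TOKEN:-REPLACE_WITH_TOKEN}" \
    --executor docker \
    --docker-image "${RUNNER_DEFAULT_IMAGE:-jhipster/jhipster:v7.9.3}" \
    --docker-volumes /cache \
    --description "jhipster-docker-$mode" \
    --locked

  # Private CA on the GitLab host: verify against it rather than skip TLS checks.
  if [ -n "${GITLAB_CA_FILE:-}" ]; then
    set -- "$@" --tls-ca-file "$GITLAB_CA_FILE"
  fi

  case "$mode" in
    plain)
      set -- "$@" --tag-list docker
      ;;
    dind)
      # docker:dind as a CI service only works on a privileged executor;
      # tag it so only jobs that ask for it land here.
      set -- "$@" --tag-list docker,dind --docker-privileged
      ;;
    *)
      echo "register_runner: unknown mode '$mode' (use plain or dind)" >&2
      return 2
      ;;
  esac

  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$@"      # one argument per line, for review
    return 0
  fi

  docker exec "${RUNNER_CONTAINER:-gitlab-runner}" gitlab-runner register "$@"
}

# Usage: ./register-runner.sh --register [plain|dind]
if [ "${1:-}" = "--register" ]; then
  register_runner "${2:-plain}"
fi
```

Because the tag list is non-empty, the runner will not pick up untagged jobs; the generated maven-test job above has no tags: entry, so either add tags: [dind] to that job or register with --run-untagged. The runner on this page (15.10.1) still accepts --registration-token; newer GitLab releases move to runner authentication tokens passed with --token, which is also in the option list.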

On the huge number of options gitlab-runner register has

[root@localhost gitlab]# docker exec -it gitlab-runner-2 gitlab-runner help register
Runtime platform                                    arch=amd64 os=linux pid=171 revision=dcfb4b66 version=15.10.1
NAME:
   gitlab-runner register - register a new runner

USAGE:
   gitlab-runner register [command options] [arguments...]

OPTIONS:
   -c value, --config value                                                                   Config file [$CONFIG_FILE]
   --template-config value                                                                    Path to the configuration template file [$TEMPLATE_CONFIG_FILE]
   --tag-list value                                                                           Tag list [$RUNNER_TAG_LIST]
   -n, --non-interactive                                                                      Run registration unattended [$REGISTER_NON_INTERACTIVE]
   --leave-runner                                                                             Don't remove runner if registration fails [$REGISTER_LEAVE_RUNNER]
   -r value, --registration-token value                                                       Runner's registration token [$REGISTRATION_TOKEN]
   --run-untagged                                                                             Register to run untagged builds; defaults to 'true' when 'tag-list' is empty [$REGISTER_RUN_UNTAGGED]
   --locked                                                                                   Lock Runner for current project, defaults to 'true' [$REGISTER_LOCKED]
   --access-level value                                                                       Set access_level of the runner to not_protected or ref_protected; defaults to not_protected [$REGISTER_ACCESS_LEVEL]
   --maximum-timeout value                                                                    What is the maximum timeout (in seconds) that will be set for job when using this Runner (default: "0") [$REGISTER_MAXIMUM_TIMEOUT]
   --paused                                                                                   Set Runner to be paused, defaults to 'false' [$REGISTER_PAUSED]
   --maintenance-note value                                                                   Runner's maintenance note [$REGISTER_MAINTENANCE_NOTE]
   --name value, --description value                                                          Runner name (default: "8979973c36c6") [$RUNNER_NAME]
   --limit value                                                                              Maximum number of builds processed by this runner (default: "0") [$RUNNER_LIMIT]
   --output-limit value                                                                       Maximum build trace size in kilobytes (default: "0") [$RUNNER_OUTPUT_LIMIT]
   --request-concurrency value                                                                Maximum concurrency for job requests (default: "0") [$RUNNER_REQUEST_CONCURRENCY]
   --unhealthy-requests-limit value                                                           The number of 'unhealthy' responses to new job requests after which a runner worker will be disabled (default: "0") [$RUNNER_UNHEALTHY_REQUESTS_LIMIT]
   --unhealthy-interval value                                                                 Duration for which a runner worker is disabled after exceeding the unhealthy requests limit. Supports syntax like '3600s', '1h30min' etc
   -u value, --url value                                                                      GitLab instance URL [$CI_SERVER_URL]
   -t value, --token value                                                                    Runner token [$CI_SERVER_TOKEN]
   --tls-ca-file value                                                                        File containing the certificates to verify the peer when using HTTPS [$CI_SERVER_TLS_CA_FILE]
   --tls-cert-file value                                                                      File containing certificate for TLS client auth when using HTTPS [$CI_SERVER_TLS_CERT_FILE]
   --tls-key-file value                                                                       File containing private key for TLS client auth when using HTTPS [$CI_SERVER_TLS_KEY_FILE]
   --executor value                                                                           Select executor, eg. shell, docker, etc. [$RUNNER_EXECUTOR]
   --builds-dir value                                                                         Directory where builds are stored [$RUNNER_BUILDS_DIR]
   --cache-dir value                                                                          Directory where build cache is stored [$RUNNER_CACHE_DIR]
   --clone-url value                                                                          Overwrite the default URL used to clone or fetch the git ref [$CLONE_URL]
   --env value                                                                                Custom environment variables injected to build environment [$RUNNER_ENV]
   --pre-clone-script value                                                                   [DEPRECATED] Use pre_get_sources_script instead [$RUNNER_PRE_CLONE_SCRIPT]
   --post-clone-script value                                                                  [DEPRECATED] Use post_get_sources_script instead [$RUNNER_POST_CLONE_SCRIPT]
   --pre-get-sources-script value                                                             Runner-specific commands to be executed on the runner before updating the Git repository an updating submodules. [$RUNNER_PRE_GET_SOURCES_SCRIPT]
   --post-get-sources-script value                                                            Runner-specific commands to be executed on the runner after updating the Git repository and updating submodules. [$RUNNER_POST_GET_SOURCES_SCRIPT]
   --pre-build-script value                                                                   Runner-specific command script executed just before build executes [$RUNNER_PRE_BUILD_SCRIPT]
   --post-build-script value                                                                  Runner-specific command script executed just after build executes [$RUNNER_POST_BUILD_SCRIPT]
   --debug-trace-disabled                                                                     When set to true Runner will disable the possibility of using the CI_DEBUG_TRACE feature [$RUNNER_DEBUG_TRACE_DISABLED]
   --shell value                                                                              Select bash, sh, cmd, pwsh or powershell [$RUNNER_SHELL]
   --custom_build_dir-enabled                                                                 Enable job specific build directories [$CUSTOM_BUILD_DIR_ENABLED]
   --cache-type value                                                                         Select caching method [$CACHE_TYPE]
   --cache-path value                                                                         Name of the path to prepend to the cache URL [$CACHE_PATH]
   --cache-shared                                                                             Enable cache sharing between runners. [$CACHE_SHARED]
   --cache-max_uploaded_archive_size value                                                    Limit the size of the cache archive being uploaded to cloud storage, in bytes. (default: "0") [$CACHE_MAXIMUM_UPLOADED_ARCHIVE_SIZE]
   --cache-s3-server-address value                                                            A host:port to the used S3-compatible server [$CACHE_S3_SERVER_ADDRESS]
   --cache-s3-access-key value                                                                S3 Access Key [$CACHE_S3_ACCESS_KEY]
   --cache-s3-secret-key value                                                                S3 Secret Key [$CACHE_S3_SECRET_KEY]
   --cache-s3-bucket-name value                                                               Name of the bucket where cache will be stored [$CACHE_S3_BUCKET_NAME]
   --cache-s3-bucket-location value                                                           Name of S3 region [$CACHE_S3_BUCKET_LOCATION]
   --cache-s3-insecure                                                                        Use insecure mode (without https) [$CACHE_S3_INSECURE]
   --cache-s3-authentication_type value                                                       IAM or credentials [$CACHE_S3_AUTHENTICATION_TYPE]
   --cache-s3-server-side-encryption value                                                    Server side encryption type (S3, or KMS) [$CACHE_S3_SERVER_SIDE_ENCRYPTION]
   --cache-s3-server-side-encryption-key-id value                                             Server side encryption key ID (alias or Key ID) [$CACHE_S3_SERVER_SIDE_ENCRYPTION_KEY_ID]
   --cache-gcs-access-id value                                                                ID of GCP Service Account used to access the storage [$CACHE_GCS_ACCESS_ID]
   --cache-gcs-private-key value                                                              Private key used to sign GCS requests [$CACHE_GCS_PRIVATE_KEY]
   --cache-gcs-credentials-file value                                                         File with GCP credentials, containing AccessID and PrivateKey [$GOOGLE_APPLICATION_CREDENTIALS]
   --cache-gcs-bucket-name value                                                              Name of the bucket where cache will be stored [$CACHE_GCS_BUCKET_NAME]
   --cache-azure-account-name value                                                           Account name for Azure Blob Storage [$CACHE_AZURE_ACCOUNT_NAME]
   --cache-azure-account-key value                                                            Access key for Azure Blob Storage [$CACHE_AZURE_ACCOUNT_KEY]
   --cache-azure-container-name value                                                         Name of the Azure container where cache will be stored [$CACHE_AZURE_CONTAINER_NAME]
   --cache-azure-storage-domain value                                                         Domain name of the Azure storage (e.g. blob.core.windows.net) [$CACHE_AZURE_STORAGE_DOMAIN]
   --feature-flags value                                                                      Enable/Disable feature flags https://docs.gitlab.com/runner/configuration/feature-flags.html (default: "{}") [$FEATURE_FLAGS]
   --ssh-user value                                                                           User name [$SSH_USER]
   --ssh-password value                                                                       User password [$SSH_PASSWORD]
   --ssh-host value                                                                           Remote host [$SSH_HOST]
   --ssh-port value                                                                           Remote host port [$SSH_PORT]
   --ssh-identity-file value                                                                  Identity file to be used [$SSH_IDENTITY_FILE]
   --ssh-disable-strict-host-key-checking value                                               Disable SSH strict host key checking [$DISABLE_STRICT_HOST_KEY_CHECKING]
   --ssh-known-hosts-file value                                                               Location of known_hosts file. Defaults to ~/.ssh/known_hosts [$KNOWN_HOSTS_FILE]
   --docker-host value                                                                        Docker daemon address [$DOCKER_HOST]
   --docker-cert-path value                                                                   Certificate path [$DOCKER_CERT_PATH]
   --docker-tlsverify                                                                         Use TLS and verify the remote [$DOCKER_TLS_VERIFY]
   --docker-hostname value                                                                    Custom container hostname [$DOCKER_HOSTNAME]
   --docker-image value                                                                       Docker image to be used [$DOCKER_IMAGE]
   --docker-runtime value                                                                     Docker runtime to be used [$DOCKER_RUNTIME]
   --docker-memory value                                                                      Memory limit (format: <number>[<unit>]). Unit can be one of b, k, m, or g. Minimum is 4M. [$DOCKER_MEMORY]
   --docker-memory-swap value                                                                 Total memory limit (memory + swap, format: <number>[<unit>]). Unit can be one of b, k, m, or g. [$DOCKER_MEMORY_SWAP]
   --docker-memory-reservation value                                                          Memory soft limit (format: <number>[<unit>]). Unit can be one of b, k, m, or g. [$DOCKER_MEMORY_RESERVATION]
   --docker-cpuset-cpus value                                                                 String value containing the cgroups CpusetCpus to use [$DOCKER_CPUSET_CPUS]
   --docker-cpus value                                                                        Number of CPUs [$DOCKER_CPUS]
   --docker-cpu-shares value                                                                  Number of CPU shares (default: "0") [$DOCKER_CPU_SHARES]
   --docker-dns value                                                                         A list of DNS servers for the container to use [$DOCKER_DNS]
   --docker-dns-search value                                                                  A list of DNS search domains [$DOCKER_DNS_SEARCH]
   --docker-privileged                                                                        Give extended privileges to container [$DOCKER_PRIVILEGED]
   --docker-services_privileged value                                                         When set this will give or remove extended privileges to container services [$DOCKER_SERVICES_PRIVILEGED]
   --docker-disable-entrypoint-overwrite                                                      Disable the possibility for a container to overwrite the default image entrypoint [$DOCKER_DISABLE_ENTRYPOINT_OVERWRITE]
   --docker-user value                                                                        Run all commands in the container as the specified user. [$DOCKER_USER]
   --docker-userns value                                                                      User namespace to use [$DOCKER_USERNS_MODE]
   --docker-cap-add value                                                                     Add Linux capabilities [$DOCKER_CAP_ADD]
   --docker-cap-drop value                                                                    Drop Linux capabilities [$DOCKER_CAP_DROP]
   --docker-oom-kill-disable                                                                  Do not kill processes in a container if an out-of-memory (OOM) error occurs [$DOCKER_OOM_KILL_DISABLE]
   --docker-oom-score-adjust value                                                            Adjust OOM score (default: "0") [$DOCKER_OOM_SCORE_ADJUST]
   --docker-security-opt value                                                                Security Options [$DOCKER_SECURITY_OPT]
   --docker-services-security-opt value                                                       Security Options for container services [$DOCKER_SERVICES_SECURITY_OPT]
   --docker-devices value, --omitempty value                                                  Add a host device to the container [$DOCKER_DEVICES]
   --docker-device-cgroup-rules value                                                         Add a device cgroup rule to the container [$DOCKER_DEVICE_CGROUP_RULES]
   --docker-gpus value                                                                        Request GPUs to be used by Docker [$DOCKER_GPUS]
   --docker-disable-cache                                                                     Disable all container caching [$DOCKER_DISABLE_CACHE]
   --docker-volumes value                                                                     Bind-mount a volume and create it if it doesn't exist prior to mounting. Can be specified multiple times once per mountpoint, e.g. --docker-volumes 'test0:/test0' --docker-volumes 'test1:/test1' [$DOCKER_VOLUMES]
   --docker-volume-driver value                                                               Volume driver to be used [$DOCKER_VOLUME_DRIVER]
   --docker-volume-driver-ops value                                                           A toml table/json object with the format key=values. Volume driver ops to be specified (default: "{}") [$DOCKER_VOLUME_DRIVER_OPS]
   --docker-cache-dir value                                                                   Directory where to store caches [$DOCKER_CACHE_DIR]
   --docker-extra-hosts value                                                                 Add a custom host-to-IP mapping [$DOCKER_EXTRA_HOSTS]
   --docker-volumes-from value                                                                A list of volumes to inherit from another container [$DOCKER_VOLUMES_FROM]
   --docker-network-mode value                                                                Add container to a custom network [$DOCKER_NETWORK_MODE]
   --docker-ipcmode value                                                                     Select IPC mode for container [$DOCKER_IPC_MODE]
   --docker-mac-address value                                                                 Container MAC address (e.g., 92:d0:c6:0a:29:33) [$DOCKER_MAC_ADDRESS]
   --docker-links value                                                                       Add link to another container [$DOCKER_LINKS]
   --docker-wait-for-services-timeout value                                                   How long to wait for service startup (default: "0") [$DOCKER_WAIT_FOR_SERVICES_TIMEOUT]
   --docker-allowed-images value                                                              Image allowlist [$DOCKER_ALLOWED_IMAGES]
   --docker-allowed-pull-policies value                                                       Pull policy allowlist [$DOCKER_ALLOWED_PULL_POLICIES]
   --docker-allowed-services value                                                            Service allowlist [$DOCKER_ALLOWED_SERVICES]
   --docker-pull-policy value                                                                 Image pull policy: never, if-not-present, always [$DOCKER_PULL_POLICY]
   --docker-isolation value                                                                   Container isolation technology. Windows only [$DOCKER_ISOLATION]
   --docker-shm-size value                                                                    Shared memory size for docker images (in bytes) (default: "0") [$DOCKER_SHM_SIZE]
   --docker-tmpfs value                                                                       A toml table/json object with the format key=values. When set this will mount the specified path in the key as a tmpfs volume in the main container, using the options specified as key. For the supported options, see the documentation for the unix 'mount' command (default: "{}") [$DOCKER_TMPFS]
   --docker-services-tmpfs value                                                              A toml table/json object with the format key=values. When set this will mount the specified path in the key as a tmpfs volume in all the service containers, using the options specified as key. For the supported options, see the documentation for the unix 'mount' command (default: "{}") [$DOCKER_SERVICES_TMPFS]
   --docker-sysctls value                                                                     Sysctl options, a toml table/json object of key=value. Value is expected to be a string. (default: "{}") [$DOCKER_SYSCTLS]
   --docker-helper-image value                                                                [ADVANCED] Override the default helper image used to clone repos and upload artifacts [$DOCKER_HELPER_IMAGE]
   --docker-helper-image-flavor value                                                         Set helper image flavor (alpine, ubuntu), defaults to alpine [$DOCKER_HELPER_IMAGE_FLAVOR]
   --docker-container-labels value                                                            A toml table/json object of key-value. Value is expected to be a string. When set, this will create containers with the given container labels. Environment variables will be substituted for values here. (default: "{}")
   --docker-enable-ipv6                                                                       Enable IPv6 for automatically created networks. This is only takes affect when the feature flag FF_NETWORK_PER_BUILD is enabled.
   --parallels-base-name value                                                                VM name to be used [$PARALLELS_BASE_NAME]
   --parallels-template-name value                                                            VM template to be created [$PARALLELS_TEMPLATE_NAME]
   --parallels-disable-snapshots                                                              Disable snapshoting to speedup VM creation [$PARALLELS_DISABLE_SNAPSHOTS]
   --parallels-time-server value                                                              Timeserver to sync the guests time from. Defaults to time.apple.com [$PARALLELS_TIME_SERVER]
   --parallels-allowed-images value                                                           Image (base_name) allowlist [$PARALLELS_ALLOWED_IMAGES]
   --virtualbox-base-name value                                                               VM name to be used [$VIRTUALBOX_BASE_NAME]
   --virtualbox-base-snapshot value                                                           Name or UUID of a specific VM snapshot to clone [$VIRTUALBOX_BASE_SNAPSHOT]
   --virtualbox-base-folder value                                                             Folder in which to save the new VM. If empty, uses VirtualBox default [$VIRTUALBOX_BASE_FOLDER]
   --virtualbox-disable-snapshots                                                             Disable snapshoting to speedup VM creation [$VIRTUALBOX_DISABLE_SNAPSHOTS]
   --virtualbox-allowed-images value                                                          Image allowlist [$VIRTUALBOX_ALLOWED_IMAGES]
   --virtualbox-start-type value                                                              Graphical front-end type [$VIRTUALBOX_START_TYPE]
   --machine-max-growth-rate value                                                            Maximum machines being provisioned concurrently, set to 0 for unlimited (default: "0") [$MACHINE_MAX_GROWTH_RATE]
   --machine-idle-nodes value                                                                 Maximum idle machines (default: "0") [$MACHINE_IDLE_COUNT]
   --machine-idle-scale-factor value                                                          (Experimental) Defines what factor of in-use machines should be used as current idle value, but never more then defined IdleCount. 0.0 means use IdleCount as a static number (defaults to 0.0). Must be defined as float number. (default: "0") [$MACHINE_IDLE_SCALE_FACTOR]
   --machine-idle-count-min value                                                             Minimal number of idle machines when IdleScaleFactor is in use. Defaults to 1. (default: "0") [$MACHINE_IDLE_COUNT_MIN]
   --machine-idle-time value                                                                  Minimum time after node can be destroyed (default: "0") [$MACHINE_IDLE_TIME]
   --machine-max-builds value                                                                 Maximum number of builds processed by machine (default: "0") [$MACHINE_MAX_BUILDS]
   --machine-machine-driver value                                                             The driver to use when creating machine [$MACHINE_DRIVER]
   --machine-machine-name value                                                               The template for machine name (needs to include %s) [$MACHINE_NAME]
   --machine-machine-options value                                                            Additional machine creation options [$MACHINE_OPTIONS]
   --kubernetes-host value                                                                    Optional Kubernetes master host URL (auto-discovery attempted if not specified) [$KUBERNETES_HOST]
   --kubernetes-cert-file value                                                               Optional Kubernetes master auth certificate [$KUBERNETES_CERT_FILE]
   --kubernetes-key-file value                                                                Optional Kubernetes master auth private key [$KUBERNETES_KEY_FILE]
   --kubernetes-ca-file value                                                                 Optional Kubernetes master auth ca certificate [$KUBERNETES_CA_FILE]
   --kubernetes-bearer_token_overwrite_allowed                                                Bool to authorize builds to specify their own bearer token for creation. [$KUBERNETES_BEARER_TOKEN_OVERWRITE_ALLOWED]
   --kubernetes-bearer_token value                                                            Optional Kubernetes service account token used to start build pods. [$KUBERNETES_BEARER_TOKEN]
   --kubernetes-image value                                                                   Default docker image to use for builds when none is specified [$KUBERNETES_IMAGE]
   --kubernetes-namespace value                                                               Namespace to run Kubernetes jobs in [$KUBERNETES_NAMESPACE]
   --kubernetes-namespace_overwrite_allowed value                                             Regex to validate 'KUBERNETES_NAMESPACE_OVERWRITE' value [$KUBERNETES_NAMESPACE_OVERWRITE_ALLOWED]
   --kubernetes-privileged value                                                              Run all containers with the privileged flag enabled [$KUBERNETES_PRIVILEGED]
   --kubernetes-runtime-class-name value                                                      A Runtime Class to use for all created pods, errors if the feature is unsupported by the cluster [$KUBERNETES_RUNTIME_CLASS_NAME]
   --kubernetes-allow-privilege-escalation value                                              Run all containers with the security context allowPrivilegeEscalation flag enabled. When empty, it does not define the allowPrivilegeEscalation flag in the container SecurityContext and allows Kubernetes to use the default privilege escalation behavior. [$KUBERNETES_ALLOW_PRIVILEGE_ESCALATION]
   --kubernetes-cpu-limit value                                                               The CPU allocation given to build containers [$KUBERNETES_CPU_LIMIT]
   --kubernetes-cpu-limit-overwrite-max-allowed value                                         If set, the max amount the cpu limit can be set to. Used with the KUBERNETES_CPU_LIMIT variable in the build. [$KUBERNETES_CPU_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-cpu-request value                                                             The CPU allocation requested for build containers [$KUBERNETES_CPU_REQUEST]
   --kubernetes-cpu-request-overwrite-max-allowed value                                       If set, the max amount the cpu request can be set to. Used with the KUBERNETES_CPU_REQUEST variable in the build. [$KUBERNETES_CPU_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-memory-limit value                                                            The amount of memory allocated to build containers [$KUBERNETES_MEMORY_LIMIT]
   --kubernetes-memory-limit-overwrite-max-allowed value                                      If set, the max amount the memory limit can be set to. Used with the KUBERNETES_MEMORY_LIMIT variable in the build. [$KUBERNETES_MEMORY_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-memory-request value                                                          The amount of memory requested from build containers [$KUBERNETES_MEMORY_REQUEST]
   --kubernetes-memory-request-overwrite-max-allowed value                                    If set, the max amount the memory request can be set to. Used with the KUBERNETES_MEMORY_REQUEST variable in the build. [$KUBERNETES_MEMORY_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-ephemeral-storage-limit value                                                 The amount of ephemeral storage allocated to build containers [$KUBERNETES_EPHEMERAL_STORAGE_LIMIT]
   --kubernetes-ephemeral-storage-limit-overwrite-max-allowed value                           If set, the max amount the ephemeral limit can be set to. Used with the KUBERNETES_EPHEMERAL_STORAGE_LIMIT variable in the build. [$KUBERNETES_EPHEMERAL_STORAGE_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-ephemeral-storage-request value                                               The amount of ephemeral storage requested from build containers [$KUBERNETES_EPHEMERAL_STORAGE_REQUEST]
   --kubernetes-ephemeral-storage-request-overwrite-max-allowed value                         If set, the max amount the ephemeral storage request can be set to. Used with the KUBERNETES_EPHEMERAL_STORAGE_REQUEST variable in the build. [$KUBERNETES_EPHEMERAL_STORAGE_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-service-cpu-limit value                                                       The CPU allocation given to build service containers [$KUBERNETES_SERVICE_CPU_LIMIT]
   --kubernetes-service-cpu-limit-overwrite-max-allowed value                                 If set, the max amount the service cpu limit can be set to. Used with the KUBERNETES_SERVICE_CPU_LIMIT variable in the build. [$KUBERNETES_SERVICE_CPU_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-service-cpu-request value                                                     The CPU allocation requested for build service containers [$KUBERNETES_SERVICE_CPU_REQUEST]
   --kubernetes-service-cpu-request-overwrite-max-allowed value                               If set, the max amount the service cpu request can be set to. Used with the KUBERNETES_SERVICE_CPU_REQUEST variable in the build. [$KUBERNETES_SERVICE_CPU_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-service-memory-limit value                                                    The amount of memory allocated to build service containers [$KUBERNETES_SERVICE_MEMORY_LIMIT]
   --kubernetes-service-memory-limit-overwrite-max-allowed value                              If set, the max amount the service memory limit can be set to. Used with the KUBERNETES_SERVICE_MEMORY_LIMIT variable in the build. [$KUBERNETES_SERVICE_MEMORY_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-service-memory-request value                                                  The amount of memory requested for build service containers [$KUBERNETES_SERVICE_MEMORY_REQUEST]
   --kubernetes-service-memory-request-overwrite-max-allowed value                            If set, the max amount the service memory request can be set to. Used with the KUBERNETES_SERVICE_MEMORY_REQUEST variable in the build. [$KUBERNETES_SERVICE_MEMORY_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-service-ephemeral_storage-limit value                                         The amount of ephemeral storage allocated to build service containers [$KUBERNETES_SERVICE_EPHEMERAL_STORAGE_LIMIT]
   --kubernetes-service-ephemeral_storage-limit-overwrite-max-allowed value                   If set, the max amount the service ephemeral storage limit can be set to. Used with the KUBERNETES_SERVICE_EPHEMERAL_STORAGE_LIMIT variable in the build. [$KUBERNETES_SERVICE_EPHEMERAL_STORAGE_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-service-ephemeral_storage-request value                                       The amount of ephemeral storage requested for build service containers [$KUBERNETES_SERVICE_EPHEMERAL_STORAGE_REQUEST]
   --kubernetes-service-ephemeral_storage-request-overwrite-max-allowed value                 If set, the max amount the service ephemeral storage request can be set to. Used with the KUBERNETES_SERVICE_EPHEMERAL_STORAGE_REQUEST variable in the build. [$KUBERNETES_SERVICE_EPHEMERAL_STORAGE_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-helper-cpu-limit value                                                        The CPU allocation given to build helper containers [$KUBERNETES_HELPER_CPU_LIMIT]
   --kubernetes-helper-cpu-limit-overwrite-max-allowed value                                  If set, the max amount the helper cpu limit can be set to. Used with the KUBERNETES_HELPER_CPU_LIMIT variable in the build. [$KUBERNETES_HELPER_CPU_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-helper-cpu-request value                                                      The CPU allocation requested for build helper containers [$KUBERNETES_HELPER_CPU_REQUEST]
   --kubernetes-helper-cpu-request-overwrite-max-allowed value                                If set, the max amount the helper cpu request can be set to. Used with the KUBERNETES_HELPER_CPU_REQUEST variable in the build. [$KUBERNETES_HELPER_CPU_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-helper-memory-limit value                                                     The amount of memory allocated to build helper containers [$KUBERNETES_HELPER_MEMORY_LIMIT]
   --kubernetes-helper-memory-limit-overwrite-max-allowed value                               If set, the max amount the helper memory limit can be set to. Used with the KUBERNETES_HELPER_MEMORY_LIMIT variable in the build. [$KUBERNETES_HELPER_MEMORY_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-helper-memory-request value                                                   The amount of memory requested for build helper containers [$KUBERNETES_HELPER_MEMORY_REQUEST]
   --kubernetes-helper-memory-request-overwrite-max-allowed value                             If set, the max amount the helper memory request can be set to. Used with the KUBERNETES_HELPER_MEMORY_REQUEST variable in the build. [$KUBERNETES_HELPER_MEMORY_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-helper-ephemeral_storage-limit value                                          The amount of ephemeral storage allocated to build helper containers [$KUBERNETES_HELPER_EPHEMERAL_STORAGE_LIMIT]
   --kubernetes-helper-ephemeral_storage-limit-overwrite-max-allowed value                    If set, the max amount the helper ephemeral storage limit can be set to. Used with the KUBERNETES_HELPER_EPHEMERAL_STORAGE_LIMIT variable in the build. [$KUBERNETES_HELPER_EPHEMERAL_STORAGE_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-helper-ephemeral_storage-request value                                        The amount of ephemeral storage requested for build helper containers [$KUBERNETES_HELPER_EPHEMERAL_STORAGE_REQUEST]
   --kubernetes-helper-ephemeral_storage-request-overwrite-max-allowed value                  If set, the max amount the helper ephemeral storage request can be set to. Used with the KUBERNETES_HELPER_EPHEMERAL_STORAGE_REQUEST variable in the build. [$KUBERNETES_HELPER_EPHEMERAL_STORAGE_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-allowed-images value                                                          Image allowlist [$KUBERNETES_ALLOWED_IMAGES]
   --kubernetes-allowed-pull-policies value                                                   Pull policy allowlist [$KUBERNETES_ALLOWED_PULL_POLICIES]
   --kubernetes-allowed-services value                                                        Service allowlist [$KUBERNETES_ALLOWED_SERVICES]
   --kubernetes-pull-policy value                                                             Policy for if/when to pull a container image (never, if-not-present, always). The cluster default will be used if not set [$KUBERNETES_PULL_POLICY]
   --kubernetes-node-selector value                                                           A toml table/json object of key:value. Value is expected to be a string. When set this will create pods on k8s nodes that match all the key:value pairs. Only one selector is supported through environment variable configuration. (default: "{}") [$KUBERNETES_NODE_SELECTOR]
   --kubernetes-node_selector_overwrite_allowed value                                         Regex to validate 'KUBERNETES_NODE_SELECTOR_*' values [$KUBERNETES_NODE_SELECTOR_OVERWRITE_ALLOWED]
   --kubernetes-node-tolerations value                                                        A toml table/json object of key=value:effect. Value and effect are expected to be strings. When set, pods will tolerate the given taints. Only one toleration is supported through environment variable configuration. (default: "{}") [$KUBERNETES_NODE_TOLERATIONS]
   --kubernetes-image-pull-secrets value                                                      A list of image pull secrets that are used for pulling docker image [$KUBERNETES_IMAGE_PULL_SECRETS]
   --kubernetes-helper-image value                                                            [ADVANCED] Override the default helper image used to clone repos and upload artifacts [$KUBERNETES_HELPER_IMAGE]
   --kubernetes-helper-image-flavor value                                                     Set helper image flavor (alpine, ubuntu), defaults to alpine [$KUBERNETES_HELPER_IMAGE_FLAVOR]
   --kubernetes-terminationGracePeriodSeconds value                                           Duration after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal.DEPRECATED: use KUBERNETES_POD_TERMINATION_GRACE_PERIOD_SECONDS and KUBERNETES_CLEANUP_GRACE_PERIOD_SECONDS instead. [$KUBERNETES_TERMINATIONGRACEPERIODSECONDS]
   --kubernetes-pod_termination_grace_period_seconds value                                    Pod-level setting which determines the duration in seconds which the pod has to terminate gracefully. After this, the processes are forcibly halted with a kill signal. Ignored if KUBERNETES_TERMINATIONGRACEPERIODSECONDS is specified. [$KUBERNETES_POD_TERMINATION_GRACE_PERIOD_SECONDS]
   --kubernetes-cleanup_grace_period_seconds value                                            When cleaning up a pod on completion of a job, the duration in seconds which the pod has to terminate gracefully. After this, the processes are forcibly halted with a kill signal. Ignored if KUBERNETES_TERMINATIONGRACEPERIODSECONDS is specified. [$KUBERNETES_CLEANUP_GRACE_PERIOD_SECONDS]
   --kubernetes-poll-interval value                                                           How frequently, in seconds, the runner will poll the Kubernetes pod it has just created to check its status (default: "0") [$KUBERNETES_POLL_INTERVAL]
   --kubernetes-poll-timeout value                                                            The total amount of time, in seconds, that needs to pass before the runner will timeout attempting to connect to the pod it has just created (useful for queueing more builds that the cluster can handle at a time) (default: "0") [$KUBERNETES_POLL_TIMEOUT]
   --kubernetes-resource-availability-check-max-attempts value                                The maximum number of attempts to check if a resource (service account and/or pull secret) set is available before giving up. There is 5 seconds interval between each attempt (default: "0") [$KUBERNETES_RESOURCE_AVAILABILITY_CHECK_MAX_ATTEMPTS]
   --kubernetes-pod-labels value                                                              A toml table/json object of key-value. Value is expected to be a string. When set, this will create pods with the given pod labels. Environment variables will be substituted for values here. (default: "{}")
   --kubernetes-pod_labels_overwrite_allowed value                                            Regex to validate 'KUBERNETES_POD_LABELS_*' values [$KUBERNETES_POD_LABELS_OVERWRITE_ALLOWED]
   --kubernetes-scheduler-name value                                                          Pods will be scheduled using this scheduler, if it exists [$KUBERNETES_SCHEDULER_NAME]
   --kubernetes-service-account value                                                         Executor pods will use this Service Account to talk to kubernetes API [$KUBERNETES_SERVICE_ACCOUNT]
   --kubernetes-service_account_overwrite_allowed value                                       Regex to validate 'KUBERNETES_SERVICE_ACCOUNT' value [$KUBERNETES_SERVICE_ACCOUNT_OVERWRITE_ALLOWED]
   --kubernetes-pod-annotations value                                                         A toml table/json object of key-value. Value is expected to be a string. When set, this will create pods with the given annotations. Can be overwritten in build with KUBERNETES_POD_ANNOTATION_* variables (default: "{}")
   --kubernetes-pod_annotations_overwrite_allowed value                                       Regex to validate 'KUBERNETES_POD_ANNOTATIONS_*' values [$KUBERNETES_POD_ANNOTATIONS_OVERWRITE_ALLOWED]
   --kubernetes-pod-security-context-fs-group value                                           A special supplemental group that applies to all containers in a pod [$KUBERNETES_POD_SECURITY_CONTEXT_FS_GROUP]
   --kubernetes-pod-security-context-run-as-group value                                       The GID to run the entrypoint of the container process [$KUBERNETES_POD_SECURITY_CONTEXT_RUN_AS_GROUP]
   --kubernetes-pod-security-context-run-as-non-root value                                    Indicates that the container must run as a non-root user [$KUBERNETES_POD_SECURITY_CONTEXT_RUN_AS_NON_ROOT]
   --kubernetes-pod-security-context-run-as-user value                                        The UID to run the entrypoint of the container process [$KUBERNETES_POD_SECURITY_CONTEXT_RUN_AS_USER]
   --kubernetes-pod-security-context-supplemental-groups value                                A list of groups applied to the first process run in each container, in addition to the container's primary GID
   --kubernetes-pod-security-context-selinux-type value                                       The SELinux type label that applies to all containers in a pod
   --kubernetes-init_permissions_container_security_context-capabilities-add value            List of capabilities to add to the build container [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_ADD]
   --kubernetes-init_permissions_container_security_context-capabilities-drop value           List of capabilities to drop from the build container [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_DROP]
   --kubernetes-init_permissions_container_security_context-privileged value                  Run container in privileged mode [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_PRIVILEGED]
   --kubernetes-init_permissions_container_security_context-run-as-user value                 The UID to run the entrypoint of the container process [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_RUN_AS_USER]
   --kubernetes-init_permissions_container_security_context-run-as-group value                The GID to run the entrypoint of the container process [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_RUN_AS_GROUP]
   --kubernetes-init_permissions_container_security_context-run-as-non-root value             Indicates that the container must run as a non-root user [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_RUN_AS_NON_ROOT]
   --kubernetes-init_permissions_container_security_context-read-only-root-filesystem value   Whether this container has a read-only root filesystem. [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_READ_ONLY_ROOT_FILESYSTEM]
   --kubernetes-init_permissions_container_security_context-allow-privilege-escalation value  AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_ALLOW_PRIVILEGE_ESCALATION]
   --kubernetes-init_permissions_container_security_context-selinux-type value                The SELinux type label that is associated with the container process
   --kubernetes-init_permissions_container_security_context-proc-mount value                  Denotes the type of proc mount to use for the container. Valid values: default | unmasked. Set to unmasked if this container will be used to build OCI images. [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_PROC_MOUNT]
   --kubernetes-build_container_security_context-capabilities-add value                       List of capabilities to add to the build container [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_ADD]
   --kubernetes-build_container_security_context-capabilities-drop value                      List of capabilities to drop from the build container [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_DROP]
   --kubernetes-build_container_security_context-privileged value                             Run container in privileged mode [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_PRIVILEGED]
   --kubernetes-build_container_security_context-run-as-user value                            The UID to run the entrypoint of the container process [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_RUN_AS_USER]
   --kubernetes-build_container_security_context-run-as-group value                           The GID to run the entrypoint of the container process [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_RUN_AS_GROUP]
   --kubernetes-build_container_security_context-run-as-non-root value                        Indicates that the container must run as a non-root user [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_RUN_AS_NON_ROOT]
   --kubernetes-build_container_security_context-read-only-root-filesystem value              Whether this container has a read-only root filesystem. [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_READ_ONLY_ROOT_FILESYSTEM]
   --kubernetes-build_container_security_context-allow-privilege-escalation value             AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_ALLOW_PRIVILEGE_ESCALATION]
   --kubernetes-build_container_security_context-selinux-type value                           The SELinux type label that is associated with the container process
   --kubernetes-build_container_security_context-proc-mount value                             Denotes the type of proc mount to use for the container. Valid values: default | unmasked. Set to unmasked if this container will be used to build OCI images. [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_PROC_MOUNT]
   --kubernetes-helper_container_security_context-capabilities-add value                      List of capabilities to add to the build container [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_ADD]
   --kubernetes-helper_container_security_context-capabilities-drop value                     List of capabilities to drop from the build container [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_DROP]
   --kubernetes-helper_container_security_context-privileged value                            Run container in privileged mode [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_PRIVILEGED]
   --kubernetes-helper_container_security_context-run-as-user value                           The UID to run the entrypoint of the container process [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_RUN_AS_USER]
   --kubernetes-helper_container_security_context-run-as-group value                          The GID to run the entrypoint of the container process [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_RUN_AS_GROUP]
   --kubernetes-helper_container_security_context-run-as-non-root value                       Indicates that the container must run as a non-root user [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_RUN_AS_NON_ROOT]
   --kubernetes-helper_container_security_context-read-only-root-filesystem value             Whether this container has a read-only root filesystem. [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_READ_ONLY_ROOT_FILESYSTEM]
   --kubernetes-helper_container_security_context-allow-privilege-escalation value            AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_ALLOW_PRIVILEGE_ESCALATION]
   --kubernetes-helper_container_security_context-selinux-type value                          The SELinux type label that is associated with the container process
   --kubernetes-helper_container_security_context-proc-mount value                            Denotes the type of proc mount to use for the container. Valid values: default | unmasked. Set to unmasked if this container will be used to build OCI images. [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_PROC_MOUNT]
   --kubernetes-service_container_security_context-capabilities-add value                     List of capabilities to add to the build container [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_ADD]
   --kubernetes-service_container_security_context-capabilities-drop value                    List of capabilities to drop from the build container [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_DROP]
   --kubernetes-service_container_security_context-privileged value                           Run container in privileged mode [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_PRIVILEGED]
   --kubernetes-service_container_security_context-run-as-user value                          The UID to run the entrypoint of the container process [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_RUN_AS_USER]
   --kubernetes-service_container_security_context-run-as-group value                         The GID to run the entrypoint of the container process [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_RUN_AS_GROUP]
   --kubernetes-service_container_security_context-run-as-non-root value                      Indicates that the container must run as a non-root user [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_RUN_AS_NON_ROOT]
   --kubernetes-service_container_security_context-read-only-root-filesystem value            Whether this container has a read-only root filesystem. [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_READ_ONLY_ROOT_FILESYSTEM]
   --kubernetes-service_container_security_context-allow-privilege-escalation value           AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_ALLOW_PRIVILEGE_ESCALATION]
   --kubernetes-service_container_security_context-selinux-type value                         The SELinux type label that is associated with the container process
   --kubernetes-service_container_security_context-proc-mount value                           Denotes the type of proc mount to use for the container. Valid values: default | unmasked. Set to unmasked if this container will be used to build OCI images. [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_PROC_MOUNT]
   --kubernetes-host_aliases value                                                            Add a custom host-to-IP mapping
   --kubernetes-cap-add value                                                                 Add Linux capabilities [$KUBERNETES_CAP_ADD]
   --kubernetes-cap-drop value                                                                Drop Linux capabilities [$KUBERNETES_CAP_DROP]
   --kubernetes-dns-policy value                                                              How Kubernetes should try to resolve DNS from the created pods. If unset, Kubernetes will use the default 'ClusterFirst'. Valid values are: none, default, cluster-first, cluster-first-with-host-net [$KUBERNETES_DNS_POLICY]
   --kubernetes-priority_class_name value                                                     If set, the Kubernetes Priority Class to be set to the Pods [$KUBERNETES_PRIORITY_CLASS_NAME]
   --custom-config-exec value                                                                 Executable that allows to inject configuration values to the executor [$CUSTOM_CONFIG_EXEC]
   --custom-config-args value                                                                 Arguments for the config executable
   --custom-config-exec-timeout value                                                         Timeout for the config executable (in seconds) [$CUSTOM_CONFIG_EXEC_TIMEOUT]
   --custom-prepare-exec value                                                                Executable that prepares executor [$CUSTOM_PREPARE_EXEC]
   --custom-prepare-args value                                                                Arguments for the prepare executable
   --custom-prepare-exec-timeout value                                                        Timeout for the prepare executable (in seconds) [$CUSTOM_PREPARE_EXEC_TIMEOUT]
   --custom-run-exec value                                                                    Executable that runs the job script in executor [$CUSTOM_RUN_EXEC]
   --custom-run-args value                                                                    Arguments for the run executable
   --custom-cleanup-exec value                                                                Executable that cleanups after executor run [$CUSTOM_CLEANUP_EXEC]
   --custom-cleanup-args value                                                                Arguments for the cleanup executable
   --custom-cleanup-exec-timeout value                                                        Timeout for the cleanup executable (in seconds) [$CUSTOM_CLEANUP_EXEC_TIMEOUT]
   --custom-graceful-kill-timeout value                                                       Graceful timeout for scripts execution after SIGTERM is sent to the process (in seconds). This limits the time given for scripts to perform the cleanup before exiting [$CUSTOM_GRACEFUL_KILL_TIMEOUT]
   --custom-force-kill-timeout value                                                          Force timeout for scripts execution (in seconds). Counted from the force kill call; if process will be not terminated, Runner will abandon process termination and log an error [$CUSTOM_FORCE_KILL_TIMEOUT]

The command above is interactive, but there is also a way to do the whole thing from the command line.

gitlab-runner register --non-interactive --locked=false --url=<URL> --registration-token=<token> --name=container-runner --tag-list=tag-runner --executor=docker --docker-privileged=true --docker-image=docker:20.10.15-dind


The site I used as a reference is the following:

https://e-penguiner.com/build-gitlab-runner-with-docker/

When you run it this way, you are not asked any questions. With the procedure found on many other sites, several questions are asked, so answer them with the values you noted down in the steps above.

For the executor type, I think docker is the better choice, since a GitLab running on docker will then recognize the runner.

The answers to the questions are saved in:

/etc/gitlab-runner/config.toml

To edit it, first check the container name.

docker-compose ps

Suppose gitlab is running under the following container name:

gitlab-web-1

docker exec -it gitlab-web-1 bash
cd /etc/gitlab-runner

The vi text editor is not installed, so install it.

apt-get update
apt-get install vim

Installing the gitlab-runner service

gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner

To run it:

gitlab-runner run &

To stop it:

gitlab-runner stop

What to do after a Specific Runner is shown in GitLab?

On GitLab.com, Shared Runners are limited, but on an on-premises GitLab both Shared Runners and Specific Runners are available, and configuring a Runner that is shared across the whole instance is convenient.

Configuring a Shared Runner

Obtaining the token used by gitlab-runner register

As for where in GitLab the token can be obtained: select [Menu] > [Admin], then select [Overview] > [Runner].

specific_token.png

Clicking the "Register an instance runner" button at the top right gives you the token used by gitlab-runner register.

Example of registering a runner with gitlab-runner register

This is a runner registration example for the case where the docker gitlab-runner container is named root-runner-1.

docker exec -it root-runner-1 gitlab-runner register --non-interactive --locked=false --url=<URL> --registration-token=<token> --name=container-runner --tag-list=tag-runner --executor=docker --docker-privileged=true --docker-image=docker:20.10.15-dind

I added the second runner as follows.

[root@localhost gitlab]# docker exec -it gitlab-runner $gitlab_runner_container register --non-interactive --locked=false --url=$gtilab_url --registration-token=$gitlab_runner_token --name=$container_runner --tag-list=$tag_list --executor=docker --docker-privileged=true --docker-image=docker:20.10.15-dind
Runtime platform                                    arch=amd64 os=linux pid=61 revision=dcfb4b66 version=15.10.1
Running in system-mode.

WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://gitlab.com/gitlab-org/gitlab/-/issues/380872
Registering runner... succeeded                     runner=xxxx
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"
[root@localhost gitlab]# docker exec -it gitlab-runner gitlab-runner list
Runtime platform                                    arch=amd64 os=linux pid=71 revision=dcfb4b66 version=15.10.1
Listing configured runners                          ConfigFile=/etc/gitlab-runner/config.toml
container-runner                                    Executor=docker Token=xxxx URL=http://xxxx:xxxx/
container-runner-2                                  Executor=docker Token=xxxx URL=http://xxxx:xxx/

Running CI/CD

Setting the user the runner executes jobs as, in GitLab

The user that a GitLab runner executes jobs as can be configured.

Advanced configuration

https://gitlab-docs.creationline.com/runner/configuration/advanced-configuration.html

The configuration file appears to exist separately in each runner's docker container.

If the runner is running as root, the configuration file is at:

/etc/gitlab-runner/config.toml

and if it is not running as root, it is in each user's home directory at:

~/.gitlab-runner/config.toml

If you run gitlab-runner from the docker image, the vi editor is not installed, so you need to install it with the following commands.

apt-get update
apt-get install vim

[runners.docker]

Set the user in that section. The following user is already registered in the gitlab-runner container:

gitlab-runner
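The register commands on this page pass --docker-privileged=true, and the resulting config.toml is what the user setting above is edited into. As an added example (not code from the original page or the reference site), the script below reads a config.toml and reports, for each [[runners]] block, whether the Docker executor runs privileged and whether it restricts the job images with allowed_images. The config it parses is constructed here: the URL, tokens and runner names are placeholders, and the user = "gitlab-runner" line is the setting described above.

```shell
#!/bin/sh
# Added example; not code from the original page or the reference site.
# Audits a gitlab-runner config.toml for Docker-executor runners that were
# registered with --docker-privileged=true (as in the register commands on
# this page) and reports whether each one also restricts allowed_images.
# The config below is constructed; URL, tokens and names are placeholders.

SAMPLE_CONFIG=$(cat <<'EOF'
concurrent = 1
check_interval = 0

[[runners]]
  name = "container-runner"
  url = "http://gitlab.example.invalid/"
  token = "PLACEHOLDER-TOKEN-1"
  executor = "docker"
  [runners.docker]
    image = "docker:20.10.15-dind"
    privileged = true
    volumes = ["/cache"]

[[runners]]
  name = "container-runner-2"
  url = "http://gitlab.example.invalid/"
  token = "PLACEHOLDER-TOKEN-2"
  executor = "docker"
  [runners.docker]
    image = "docker:20.10.15-dind"
    privileged = true
    user = "gitlab-runner"
    allowed_images = ["docker:20.10.15-dind", "jhipster/jhipster:v7.9.3"]
    volumes = ["/cache"]

[[runners]]
  name = "shell-runner"
  url = "http://gitlab.example.invalid/"
  token = "PLACEHOLDER-TOKEN-3"
  executor = "shell"
EOF
)

# audit_runners: reads config.toml on stdin and prints one line per
# [[runners]] block: "<name> <executor> <privileged> <allowed_images>",
# where the last two columns are true/false and yes/no.
audit_runners() {
    awk '
    function flush() {
        if (name != "") printf "%s %s %s %s\n", name, executor, priv, allowed
    }
    /^[ \t]*\[\[runners\]\]/ { flush(); name = ""; executor = "?"; priv = "false"; allowed = "no"; next }
    /^[ \t]*name[ \t]*=/     { gsub(/^[^"]*"|"[ \t]*$/, ""); name = $0; next }
    /^[ \t]*executor[ \t]*=/ { gsub(/^[^"]*"|"[ \t]*$/, ""); executor = $0; next }
    /^[ \t]*privileged[ \t]*=[ \t]*true/ { priv = "true"; next }
    /^[ \t]*allowed_images[ \t]*=/       { allowed = "yes"; next }
    END { flush() }
    '
}

# unrestricted_privileged: names of runners that run privileged jobs without
# an allowed_images list, i.e. any image a job requests gets privileged mode.
unrestricted_privileged() {
    printf '%s\n' "$SAMPLE_CONFIG" | audit_runners \
        | awk '$3 == "true" && $4 == "no" { print $1 }'
}

# count_runners: number of [[runners]] blocks found in the sample.
count_runners() {
    printf '%s\n' "$SAMPLE_CONFIG" | audit_runners | awk 'END { print NR }'
}

echo "runner audit (name executor privileged allowed_images):"
printf '%s\n' "$SAMPLE_CONFIG" | audit_runners
echo "privileged runners without allowed_images: $(unrestricted_privileged)"
```

To run it against a real file, replace the printf of SAMPLE_CONFIG with `cat /etc/gitlab-runner/config.toml | audit_runners` inside the runner container. The parser is deliberately line-based and only understands the flat layout that gitlab-runner register writes; it is a quick check, not a TOML parser.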

A simple HelloWorld-style configuration file

First, as a tutorial, let's try a simple automated run that is guaranteed to succeed as long as the configuration is correct.

The reference site (https://e-penguiner.com/build-gitlab-runner-with-docker/) gave the following as a simple configuration file.

A simple .gitlab-ci.yml

image: docker:20.10.15

services:
  - docker:20.10.15-dind

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""

before_script:
  - docker info

test_ci:
  script:
    - docker pull alpine:latest
    - docker run alpine:latest cat /etc/alpine-release
  tags:
    - tag-runner
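The simple .gitlab-ci.yml above sets DOCKER_TLS_CERTDIR to "", which makes the docker:dind service listen without TLS on tcp://docker:2375, so the job talks to a privileged Docker daemon over a plaintext link. As an added example (not code from the original page or the reference site), the script below holds two constructed job definitions, the page's variant and a variant using the TLS setup documented for GitLab's Docker-in-Docker pattern (DOCKER_HOST tcp://docker:2376, DOCKER_TLS_CERTDIR "/certs", DOCKER_TLS_VERIFY, DOCKER_CERT_PATH), and a small checker that classifies which DinD mode a .gitlab-ci.yml uses. The TLS variant assumes the runner's [runners.docker] section shares the certificate directory, for example volumes = ["/certs/client", "/cache"].

```shell
#!/bin/sh
# Added example; not code from the original page or the reference site.
# Two constructed .gitlab-ci.yml variants for the DinD job above, plus a
# checker that reports whether the job-to-dind connection uses TLS.

# The page's variant: DOCKER_TLS_CERTDIR "" disables TLS in docker:dind.
PAGE_VARIANT=$(cat <<'EOF'
image: docker:20.10.15

services:
  - docker:20.10.15-dind

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""

before_script:
  - docker info

test_ci:
  script:
    - docker pull alpine:latest
    - docker run alpine:latest cat /etc/alpine-release
  tags:
    - tag-runner
EOF
)

# TLS variant: dind generates certificates under /certs and the job reads the
# client certificate from /certs/client. The runner's [runners.docker]
# section must share that directory, e.g. volumes = ["/certs/client", "/cache"].
TLS_VARIANT=$(cat <<'EOF'
image: docker:20.10.15

services:
  - docker:20.10.15-dind

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_HOST: tcp://docker:2376
  DOCKER_TLS_CERTDIR: "/certs"
  DOCKER_TLS_VERIFY: 1
  DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"

before_script:
  - docker info

test_ci:
  script:
    - docker pull alpine:latest
    - docker run alpine:latest cat /etc/alpine-release
  tags:
    - tag-runner
EOF
)

# dind_tls_mode: reads a .gitlab-ci.yml on stdin and prints one of
#   no-dind     no docker:*-dind service is declared
#   plaintext   dind is used and DOCKER_TLS_CERTDIR is "" (TLS disabled)
#   tls         DOCKER_TLS_CERTDIR points at a directory and DOCKER_TLS_VERIFY is 1
#   unverified  dind is used but TLS verification is not enabled
dind_tls_mode() {
    awk '
    /^[ \t]*-[ \t]*docker:.*-dind/                { dind = 1 }
    /^[ \t]*DOCKER_TLS_CERTDIR:[ \t]*""/          { certdir_empty = 1 }
    /^[ \t]*DOCKER_TLS_CERTDIR:[ \t]*"?\/[^"]/    { certdir_set = 1 }
    /^[ \t]*DOCKER_TLS_VERIFY:[ \t]*"?1"?/        { verify = 1 }
    END {
        if (!dind)                       { print "no-dind" }
        else if (certdir_empty)          { print "plaintext" }
        else if (certdir_set && verify)  { print "tls" }
        else                             { print "unverified" }
    }
    '
}

printf 'page variant: %s\n' "$(printf '%s\n' "$PAGE_VARIANT" | dind_tls_mode)"
printf 'tls variant:  %s\n' "$(printf '%s\n' "$TLS_VARIANT" | dind_tls_mode)"
```

Run `dind_tls_mode < .gitlab-ci.yml` in a repository to see which mode a pipeline definition is in; "plaintext" is the mode the tutorial file uses, and the TLS variant is the drop-in replacement once the runner shares /certs/client with the job container.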

How to get .gitlab-ci.yml to run

Once you create a branch and open a merge request that includes the file above, the pipeline runs.

As for the specification of this yaml file, the following seems to be the original documentation, but it is hard to follow, so let's also refer to other articles.

Reference articles

Official documentation

https://gitlab-docs.creationline.com/ee/ci/yaml/

Your first GitLab-CI (Qiita)

https://qiita.com/yurano/items/a7804d987ccff37b1a9d

Article on CI/CD with JHipster

https://www.jhipster.tech/setting-up-ci/#what-cicd-pipeline-do-you-want-to-generate-

The dockerfile for jhipster 7.9.3

https://hub.docker.com/layers/jhipster/jhipster/v7.9.3/images/sha256-0878e0666e88451f3487abc2bf4417368daa86d9d93e0dd659f93ce1e89161cc?context=explore


Last-modified: 2023-04-27 (Thu) 11:45:26 (357d)